skin color theme

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91520 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Web Pages being redirected

Hello guys. When surfing I notice that web pages are were being redirected to unrelated stuff. I did a little research and downloaded HijackThis. I had an R3 - URLSearchHook that I had HijackThis fix but I am not sure if I have other stuff that needs to be removed. My PC has been a little slow but It could be the amount of RAM. I have and used CW Schredder, AD-Aware, CCleaner and RegScrub. Can you let me know if there is a problem from my log? Thanks in advance.

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt

Now lets check some settings on your system.
(2000/XP) Only
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be avaiable on some systems
Next Go start run type cmd and hit OK
type ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement".

The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.

Check any item with Java Runtime Environment (JRE or J2SE) in the name.

Click the Remove or Change/Remove button.

Repeat as many times as necessary to remove each Java versions.

Reboot your computer once all Java components are removed.

Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

The following explains how to remove items from your computer that are malware. These items must be fixed!

Scan with HijackThis. Place a check against each of the following:O17 - HKLM\System\CCS\Services\Tcpip\..\{A90C960A-3A17-4EB2-AF3F-BC0DC7D92F6E}: NameServer = 85.255.114.25,85.255.112.69
Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.

==========
This is a check just to make sure no rootkit is present –sometimes rootkits are present with wareout infections.GMER
Please create a new subfolder in the Program Files folder called GMER. If you have an older version of GMER installed, you must delete it.

Please rename the GMER file
Note: You can rename gmer.exe to anything you like as long as you keep the .exe ending.
Run the Gmer.exe renamed program by double-clicking the executable file (gmer.exe) in Windows Explorer. You may be prompted to scan immediately if GMER detects rootkit activity.

If you are prompted to scan your system click "yes" to begin the scan.

If you are not prompted, Click the "Rootkit" tab, then click "Scan".

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

At the end of the scan, click "Copy" to copy the scan results to the clipboard. Then paste the results in a notepad file and also paste them back in your next reply.

* Turn off the real time scanner of any existing antivirus program while performing the online scan
Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:

Once the files have been downloaded click on NEXT

Now click on Scan Settings

In the scan settings make that the following are selected:

Scan using the following Anti-Virus database:

Standard

Scan Options:

Scan Archives

Scan Mail Bases

Click OK

Now under select a target to scan:

Select My Computer

This will program will start and scan your system.

The scan will take a while so be patient and let it run.

Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information from Kapersky in your next post.

**Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Please post (reply) with the results from the GMER scan, Kapersky, and a fresh hijackthis log.

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Susan, Outlook express was my email program I used to use. I started using Outlook but just kept Outlook Express. I hadn't opened it in years. When I saw that old email I opened Outlook Express and deleted all the those old emails. I ran Kaspersky again and it came up clean. Here is the scan and a fresh HijackThis scan. So does my PC pass the grade now?

Yes, hope I haven't been too picky but don't like infected items on a computer. I think of Pandora's box.

STEP 1.
======System Restore for Windows XPReset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

Stay up to date on security patches and be extremely wary of clicking on links and attachments that arrive unbidden in instant messages and e-mail.

"The number one thing the majority of the malicious code we're seeing now does is disable or delete anti-virus and other security software," Dunham said. "In a lot of cases, once the user clicks on that attachment, it's already too late."

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
A tutorial on installing & using this product can be found here:Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

Susan thanks for all the help. I have a couple of questions though. I can't do a system restore because I am running windows 2000, or can I? I update automatically every night with my antivirus, which is F-secure. F-secure is a whole suite of protection I receive free with Charter, my internet service provider. I have Microsoft notify me when there is a new update, so I am on top of that. I used to have Spybot Search & Destroy, and I liked it, but F-Secure could not run with Spybot, so I no longer have it. I have Ad-aware, Spywareblaster, CCleaner, CWShredder, RegscrubXE and I update and run them regularly. Also on my last HijackThis post I saw this:O16 - DPF: {56C9629A-C33F-11D3-BBFB-00105A1FAD68} - http://www.eyetide.c...e Installer.cab I removed the Eyetide program a while ago , so can i have HijackThis fix this or must I delete it another way or is it not a problem? One other question does the Google Web Accelerator really work if I am cleaning my cache and history? Hope that you can respond.

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

0 user(s) are reading this topic

About What the Tech

Tom (Coyote) Wilson started this site as TomCoyote.org in 2002. Along with SpywareInfo, it was one of the first places to offer online malware removal training in its Classroom. Cluster headaches forced retirement of Tom in 2007, and the site was renamed "What the Tech". Free malware removal help and training has remained a constant.